AMENDMENTS TO THE CLAIMS

1. (Currently amended) An apparatus for detecting adversarial activity on a network,
comprising: 

a memory configured to store a host table; 

a key exchanger configured to repeatedly derive a cipher key such that the resulting 
cipher key changes over time; 

a translator configured to restore predetermined portions of packet header 
information of a data packet according to a cipher algorithm keyed by the cipher key, wherein the 
predetermined portions include a previously translated address, the previously translated address 
being extracted from the packet header information, restored into an address from which the
previously translated address was translated, and placed back into the packet header information of
the data packet;

a mapping device configured to map the address to the host table; 

a host resolution device configured to issue a request to the network to resolve the 
address when the address does not match an entry in the host table and to supplement the host table 
with the address upon receipt of a reply to the request that indicates that the address is valid; and 

an actuator configured to trigger a security device when the address does not match 
an entry in the host table. 

2. (Previously presented) An apparatus as set forth in Claim 1, wherein the security 
device is a logging device configured to log the data packet. 

3. (Previously presented) An apparatus as set forth in Claim 1, wherein the security 
device is configured to signal an alarm when triggered. 

4. (Previously presented) An apparatus as set forth in Claim 1, wherein said host 
resolution device is configured to derive the host table using an address resolution protocol. 

5. (Previously presented) An apparatus as set forth in Claim 1, further comprising:

a network device configured to place the data packet onto a network when the
address maps to the host table.

6. (Currently amended) A method for detecting adversarial activity on a network, 
comprising: 

storing a host table; 

repeatedly deriving a cipher key such that the resulting cipher key changes over time; 

restoring predetermined portions of packet header information of a data packet 
according to a cipher algorithm keyed by the cipher key, wherein the predetermined portions 
include a previously translated address, the previously translated address being extracted from the 
packet header information, restored into an address from which the previously translated address 
was translated, and placed back into the packet header information of the data packet;

mapping the address to the host table; 

issuing a request to the network to resolve the address when the address does not 
match an entry in the host table and supplementing the host table with the address upon receipt of a 
reply to the request that indicates that the address is valid; and 

triggering a security device when the address does not match an entry in the host
table.

7. (Original) A method as set forth in Claim 6, further comprising: 

logging the data packet when the address does not match an entry in the host table. 

8. (Original) A method as set forth in Claim 6, further comprising: 
signaling an alarm when the security device is triggered. 

9. (Previously Presented) A method as set forth in Claim 6, further comprising: 
deriving the host table using an address resolution protocol. 

10. (Original) A method as set forth in Claim 6, further comprising:

placing the data packet onto a network when the address maps to the host table. 

11. (Currently amended) A device for detecting adversarial activity on a network,
comprising: 

means for storing a host table; 

means for repeatedly deriving a cipher key such that the resulting cipher key changes
over time;

means for restoring predetermined portions of packet header information of a data 
packet according to a cipher algorithm keyed by the cipher key, wherein the predetermined portions 
include a previously translated address, the previously translated address being extracted from the 
packet header information, restored into an address from which the previously translated address 
was translated, and placed back into the packet header information of the data packet;

means for mapping the address to the host table; 

means for issuing a request to the network to resolve the address when the address 
does not match an entry in the host table and supplementing the host table with the address upon 
receipt of a reply to the request that indicates that the address is valid; and 

means for triggering a security device when the address does not match an entry in
the host table.

12. (Original) A device as set forth in Claim 11, further comprising: 

means for logging the data packet when the address does not match an entry in the
host table.

13. (Original) A device as set forth in Claim 11, further comprising: 
means for signaling an alarm when the security device is triggered. 

14. (Previously presented) A device as set forth in Claim 11, further comprising:
means for deriving the host table using an address resolution protocol.

15. (Original) A device as set forth in Claim 11, further comprising: 

means for placing the data packet onto a network when the address maps to the host
table.

16. (Currently amended) A bastion host comprising at least one computing device 
adapted for processing packet header information of a data packet, the bastion host being operable 
configured to: 

store a host table; 

repeatedly derive a cipher key such that the resulting cipher key changes over time; 

restore predetermined portions of packet header information of a data packet 
according to a cipher algorithm keyed by the cipher key, wherein the predetermined portions 
include a previously translated address, the previously translated address being extracted from the 
packet header information, restored into an address from which the previously translated address 
was translated, and placed back into the packet header information of the data packet;

map the address to the host table; 

issue a request to the network to resolve the address when the address does not
match an entry in the host table and supplement the host table with the address upon receipt of a 
reply to the request that indicates that the address is valid; and 

trigger a security device when the address does not match an entry in the host table. 

17. (Currently amended) The bastion host as set forth in Claim 16, the bastion host 
being further operable configured to log the data packet when the address does not match an entry in 
the host table. 

18. (Currently amended) The bastion host as set forth in Claim 16, the bastion host
being further operable configured to signal an alarm when the security device is triggered. 

19. (Currently amended) The bastion host as set forth in Claim 16, the bastion host 
being further operable configured to derive the host table using an address resolution protocol. 

20. (Currently amended) The bastion host as set forth in Claim 16, the bastion host 
being further operable configured to place the data packet onto a network when the address maps to 
the host table. 

21-24. (Cancelled) 

25. (Previously presented) An apparatus as set forth in Claim 1, wherein the address 
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein said translator is 
configured to restore the apparatus portion of the address without also restoring the network portion 
of the address. 

26. (Previously presented) An apparatus as set forth in Claim 1, wherein the data packet 
includes a translated packet header with a plurality of fields carrying packet header information, the 
translated packet header including the translated packet header information in one or more 
predetermined fields of the translated packet header interspersed with un-translated packet header 
information in fields other than the one or more fields of the translated packet header, and 

wherein said translator is configured to restore at least a portion of the packet header 
information in the one or more predetermined fields. 

27. (Previously presented) A method as set forth in Claim 6, wherein the address 
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein restoring
predetermined portions of packet header information includes restoring the apparatus portion of the 
address without also restoring the network portion of the address. 

28. (Previously presented) A method as set forth in Claim 6, wherein the data packet 
includes a translated packet header with a plurality of fields carrying packet header information, the 
translated packet header including the translated packet header information in one or more 
predetermined fields of the translated packet header interspersed with un-translated packet header 
information in fields other than the one or more fields of the translated packet header, and wherein 
restoring predetermined portions of packet header information comprises: 

restoring at least a portion of the packet header information in the one or more 
predetermined fields. 

29. (Previously presented) A device as set forth in Claim 11, wherein the address 
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein said means for 
translating predetermined portions of packet header information is configured to restore the 
apparatus portion of the address without also restoring the network portion of the address.

30. (Previously presented) A device as set forth in Claim 11, wherein the data packet 
includes a translated packet header with a plurality of fields carrying packet header information, the 
translated packet header including the translated packet header information in one or more 
predetermined fields of the translated packet header interspersed with un-translated packet header 
information in fields other than the one or more fields of the translated packet header, and wherein 
said means for restoring predetermined portions of packet header information is configured to 
restore at least a portion of the packet header information in the one or more predetermined fields. 

31. (Currently amended) A bastion host as set forth in Claim 16, wherein the address
includes a network portion and an apparatus portion, the apparatus portion of the address having 
been translated without the network portion also being translated, and wherein the bastion host is 
operable further configured to restore predetermined portions of packet header information 
including restoring the apparatus portion of the address without also restoring the network portion 
of the address. 

32. (Currently amended) A bastion host as set forth in Claim 16, wherein the data packet 
includes a translated packet header with a plurality of fields carrying packet header information, the 
translated packet header including the translated packet header information in one or more 
predetermined fields of the translated packet header interspersed with un-translated packet header 
information in fields other than the one or more fields of the translated packet header, and wherein 
the bastion host is operable further configured to restore predetermined portions of packet header 
information including: 

restoring at least a portion of the packet header information in the one or more 
predetermined fields of the header. 
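
The restore-and-check sequence recited in Claims 1 and 25, shown as an added Python illustration that is not part of the application or of any implementation by the applicant. Assumptions made here: HMAC-SHA-256 over an epoch counter as the key derivation, a keyed permutation of the host octet of a /24 address as a toy stand-in for the unspecified cipher algorithm, a resolver callback in place of an address resolution request, and an alert that fires only after resolution fails (one reading of the claim). All addresses and the seed are constructed.

```python
import hashlib
import hmac

SEED = b"constructed-demo-seed"  # assumption: secret shared with legitimate senders

def derive_key(epoch: int) -> bytes:
    """Cipher key for one time window; a new epoch yields a new key."""
    return hmac.new(SEED, epoch.to_bytes(8, "big"), hashlib.sha256).digest()

def _permutation(key: bytes) -> list:
    """Keyed permutation of the 256 host-octet values (toy stand-in cipher)."""
    return sorted(range(256),
                  key=lambda b: hmac.new(key, bytes([b]), hashlib.sha256).digest())

def translate(addr: str, key: bytes) -> str:
    """Sender side: translate only the host octet, not the network portion."""
    net, host = addr.rsplit(".", 1)
    return f"{net}.{_permutation(key)[int(host)]}"

def restore(addr: str, key: bytes) -> str:
    """Receiver side: invert the permutation on the host octet only."""
    net, host = addr.rsplit(".", 1)
    return f"{net}.{_permutation(key).index(int(host))}"

class Detector:
    def __init__(self, host_table, resolver):
        self.host_table = set(host_table)
        self.resolver = resolver   # stands in for the resolution request/reply
        self.alerts = []           # stands in for the triggered security device

    def process(self, header: dict, epoch: int) -> str:
        # Extract the translated address, restore it, place it back in the header.
        header["dst"] = restore(header["dst"], derive_key(epoch))
        dst = header["dst"]
        if dst not in self.host_table and self.resolver(dst):
            self.host_table.add(dst)   # valid reply: supplement the host table
        if dst in self.host_table:
            return "forward"
        self.alerts.append(dict(header))
        return "alert"

def demo(epoch: int = 100):
    key = derive_key(epoch)
    live = {"10.0.0.5", "10.0.0.9"}                 # constructed live hosts
    det = Detector({"10.0.0.5"}, lambda a: a in live)
    wire = [translate("10.0.0.5", key),             # host already in the table
            translate("10.0.0.9", key),             # live host, not yet in the table
            translate("10.0.0.200", key)]           # restores to an unused address
    return [det.process({"src": "10.0.0.77", "dst": d}, epoch) for d in wire], det
```
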